From 5d468b44206b550e87fd88ccebe8a049fd47cb31 Mon Sep 17 00:00:00 2001
From: Dhruwang Jariwala <67850763+Dhruwang@users.noreply.github.com>
Date: Wed, 19 Jun 2024 12:53:28 +0530
Subject: [PATCH] fix: Adjust billing permissions (#2775)
Co-authored-by: Matti Nannt
---
 .../(organization)/billing/actions.ts | 38 ++++++++++---------
 .../(organization)/billing/layout.tsx | 4 +-
 2 files changed, 22 insertions(+), 20 deletions(-)
diff --git a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/actions.ts b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/actions.ts
index 4134905161..c3f21c0463 100644
--- a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/actions.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/actions.ts
@@ -29,13 +29,14 @@ export const upgradePlanAction = async (
 }
 const membership = await getMembershipByUserIdOrganizationId(session.user.id, organizationId);
- if (membership?.role !== "owner") {
- throw new AuthorizationError("Only organization owner can upgrade plan");
+
+ if (membership?.role === "owner" || membership?.role === "admin") {
+ const subscriptionSession = await createSubscription(organizationId, environmentId, priceLookupKey);
+
+ return subscriptionSession;
+ } else {
+ throw new AuthorizationError("Only organization owner or admin can upgrade plan");
 }
-
- const subscriptionSession = await createSubscription(organizationId, environmentId, priceLookupKey);
-
- return subscriptionSession;
 };
 export const manageSubscriptionAction = async (organizationId: string, environmentId: string) => {
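Review bot: The owner-or-admin rule is written as raw string comparisons (`membership?.role === "owner" || membership?.role === "admin"`) in upgradePlanAction and again in the two later hunks of actions.ts, while layout.tsx in this same commit derives the decision from `getAccessFlags`; with two encodings of one policy, a later role change can update the page gate and miss a server action. Consider deriving the flags once, `const { isOwner, isAdmin } = getAccessFlags(membership?.role);`, and denying first with `if (!isOwner && !isAdmin) throw new AuthorizationError("Only organization owner or admin can upgrade plan");`, which keeps the refusal as an early guard instead of an `else` placed after the privileged call. Whether `getAccessFlags` is already imported in actions.ts is not visible here, and the function body starts outside the hunk.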
@@ -55,15 +56,16 @@ export const manageSubscriptionAction = async (organizationId: string, environme
 }
 const membership = await getMembershipByUserIdOrganizationId(session.user.id, organizationId);
- if (membership?.role !== "owner") {
- throw new AuthorizationError("Only organization owner can upgrade plan");
- }
- const sessionUrl = await createCustomerPortalSession(
- organization.billing.stripeCustomerId,
- `${WEBAPP_URL}/environments/${environmentId}/settings/billing`
- );
- return sessionUrl;
+ if (membership?.role === "owner" || membership?.role === "admin") {
+ const sessionUrl = await createCustomerPortalSession(
+ organization.billing.stripeCustomerId,
+ `${WEBAPP_URL}/environments/${environmentId}/settings/billing`
+ );
+ return sessionUrl;
+ } else {
+ throw new AuthorizationError("Only organization owner or admin can upgrade plan");
+ }
 };
 export const isSubscriptionCancelledAction = async (organizationId: string) => {
@@ -74,9 +76,9 @@ export const isSubscriptionCancelledAction = async (organizationId: string) => {
 if (!isAuthorized) throw new AuthorizationError("Not authorized");
 const membership = await getMembershipByUserIdOrganizationId(session.user.id, organizationId);
- if (membership?.role !== "owner") {
- throw new AuthorizationError("Only organization owner can upgrade plan");
+ if (membership?.role === "owner" || membership?.role === "admin") {
+ return await isSubscriptionCancelled(organizationId);
+ } else {
+ throw new AuthorizationError("Only organization owner or admin can upgrade plan");
 }
-
- return await isSubscriptionCancelled(organizationId);
 };
diff --git a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/layout.tsx b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/layout.tsx
index 8b2803fa2f..a31e68fdfd 100644
--- a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/layout.tsx
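Review bot: The denial message in manageSubscriptionAction still says "can upgrade plan", and isSubscriptionCancelledAction in the following hunk throws the identical text, although neither action upgrades a plan; anyone reading an authorization failure cannot tell which billing operation was refused. Suggest `throw new AuthorizationError("Only organization owner or admin can manage the subscription");` here and `throw new AuthorizationError("Only organization owner or admin can view subscription status");` in the third hunk. This branch now also hands admins a customer portal session for `organization.billing.stripeCustomerId`, so a one-line comment above the role check stating that admin access to the portal is intentional would document the widened privilege for later reviewers. Both function bodies start outside their hunks.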
+++ b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/billing/layout.tsx
@@ -28,9 +28,9 @@ const BillingLayout = async ({ children, params }) => {
 }
 const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
- const { isOwner } = getAccessFlags(currentUserMembership?.role);
+ const { isOwner, isAdmin } = getAccessFlags(currentUserMembership?.role);
- return <>{isOwner ? <>{children} : };
+ return <>{isOwner || isAdmin ? <>{children} : };
 };
 export default BillingLayout;
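Review bot: The `isOwner || isAdmin` condition in BillingLayout only decides what is rendered, and nothing on the new lines says that the real enforcement lives in the billing server actions. A short comment above the return, such as `// UI gate only: the billing server actions re-check owner/admin membership`, would stop a later change from treating this layout check as the authorization boundary. The component body starts outside the hunk.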